Adobe Reader X for Windows will include a much-discussed sandbox technology called Adobe Reader Protected Mode. The sandbox uses the same basic techniques as Google's Chrome and Microsoft Office 2010 to deal with untrustworthy data.

The idea of a sandbox is to acknowledge that vulnerabilities happen, but to prevent attackers from doing anything harmful after exploiting them. The architecture of Reader X for Windows is such that if attack code gains control in the context of the Reader X process, it will run in the sandbox. All access to dangerous Windows facilities must be obtained through a special interprocess communication mechanism to a different 'broker' process.

At least at first, Protected Mode will be limited to Windows and to Reader. This is because Reader on Windows is the largest target for attack. It's likely we'll see it on other Acrobat products on Windows long before it appears on other operating systems. Protected Mode, like the sandboxes in Chrome and Office, relies on Windows-specific features that have no clear analogs in MacOS or Linux.

Protected Mode has the potential to be a real game changer. PDF has, for perhaps a couple of years now, been the most important attack vehicle for sophisticated exploits and an important weapon in targeted attacks. Adobe has been much more aggressive in patching the product, and a new updating system rolled out in the last year has, the company claims, dramatically increased the speed with which users apply new versions.

This last point will be the key to making Protected Mode work. Zero-day attacks against Reader aren't all that uncommon, but the bulk of the problem comes from users running old versions and getting exploited through vulnerabilities that have already been patched. How quickly can Adobe turn over its installed base? The sooner the better. As users update and Reader is no longer an easy target, the shift to Java as the lead product for PC exploits will accelerate.